system {dhcp server | dhcp6 server}
Configure DHCP servers used to assign IP settings, including IP addresses, to devices connected to a FortiGate interface.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
set tftp-server <string> [<string>] |
Multiple IP addresses or hostnames can now be entered, with each entry separated by a space. |
config prefix-range edit <id> set start-prefix <prefix> set end-prefix <prefix> set prefix-length <length> next ... |
Configure a range for DHCPv6 server prefix delegation. Add a prefix range (starting and ending prefixes) and a prefix length, which determines the length of the prefix that the FortiGate sends downstream. |
config system dhcp server edit {id} # Configure DHCP servers. set id {integer} ID. range[0-4294967295] set status {disable | enable} Enable/disable this DHCP configuration. set lease-time {integer} Lease time in seconds, 0 means unlimited. range[300-8640000] set mac-acl-default-action {assign | block} MAC access control default action (allow or block assigning IP settings). assign Allow the DHCP server to assign IP settings to clients on the MAC access control list. block Block the DHCP server from assigning IP settings to clients on the MAC access control list. set forticlient-on-net-status {disable | enable} Enable/disable FortiClient-On-Net service for this DHCP server. set dns-service {local | default | specify} Options for assigning DNS servers to DHCP clients. local IP address of the interface the DHCP server is added to becomes the client's DNS server IP address. default Clients are assigned the FortiGate's configured DNS servers. specify Specify up to 3 DNS servers in the DHCP server configuration. set dns-server1 {ipv4 address} DNS server 1. set dns-server2 {ipv4 address} DNS server 2. set dns-server3 {ipv4 address} DNS server 3. set wifi-ac1 {ipv4 address} WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). set wifi-ac2 {ipv4 address} WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). set wifi-ac3 {ipv4 address} WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). set ntp-service {local | default | specify} Options for assigning Network Time Protocol (NTP) servers to DHCP clients. local IP address of the interface the DHCP server is added to becomes the client's NTP server IP address. default Clients are assigned the FortiGate's configured NTP servers. specify Specify up to 3 NTP servers in the DHCP server configuration. set ntp-server1 {ipv4 address} NTP server 1. set ntp-server2 {ipv4 address} NTP server 2. set ntp-server3 {ipv4 address} NTP server 3. set domain {string} Domain name suffix for the IP addresses that the DHCP server assigns to clients. size[35] set wins-server1 {ipv4 address} WINS server 1. set wins-server2 {ipv4 address} WINS server 2. set default-gateway {ipv4 address} Default gateway IP address assigned by the DHCP server. set next-server {ipv4 address} IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. set netmask {ipv4 netmask} Netmask assigned by the DHCP server. set interface {string} DHCP server can assign IP configurations to clients connected to this interface. size[15] - datasource(s): system.interface.name config ip-range edit {id} # DHCP IP range configuration. set id {integer} ID. range[0-4294967295] set start-ip {ipv4 address} Start of IP range. set end-ip {ipv4 address} End of IP range. next set timezone-option {disable | default | specify} Options for the DHCP server to set the client's time zone. disable Do not set the client's time zone. default Clients are assigned the FortiGate's configured time zone. specify Specify the time zone to be assigned to DHCP clients. set timezone {option} Select the time zone to be assigned to DHCP clients. 01 (GMT-11:00) Midway Island, Samoa 02 (GMT-10:00) Hawaii 03 (GMT-9:00) Alaska 04 (GMT-8:00) Pacific Time (US & Canada) 05 (GMT-7:00) Arizona 81 (GMT-7:00) Baja California Sur, Chihuahua 06 (GMT-7:00) Mountain Time (US & Canada) 07 (GMT-6:00) Central America 08 (GMT-6:00) Central Time (US & Canada) 09 (GMT-6:00) Mexico City 10 (GMT-6:00) Saskatchewan 11 (GMT-5:00) Bogota, Lima,Quito 12 (GMT-5:00) Eastern Time (US & Canada) 13 (GMT-5:00) Indiana (East) 74 (GMT-4:00) Caracas 14 (GMT-4:00) Atlantic Time (Canada) 77 (GMT-4:00) Georgetown 15 (GMT-4:00) La Paz 87 (GMT-4:00) Paraguay 16 (GMT-3:00) Santiago 17 (GMT-3:30) Newfoundland 18 (GMT-3:00) Brasilia 19 (GMT-3:00) Buenos Aires 20 (GMT-3:00) Nuuk (Greenland) 75 (GMT-3:00) Uruguay 21 (GMT-2:00) Mid-Atlantic 22 (GMT-1:00) Azores 23 (GMT-1:00) Cape Verde Is. 24 (GMT) Monrovia 80 (GMT) Greenwich Mean Time 79 (GMT) Casablanca 25 (GMT) Dublin, Edinburgh, Lisbon, London 26 (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 27 (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague 28 (GMT+1:00) Brussels, Copenhagen, Madrid, Paris 78 (GMT+1:00) Namibia 29 (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb 30 (GMT+1:00) West Central Africa 31 (GMT+2:00) Athens, Sofia, Vilnius 32 (GMT+2:00) Bucharest 33 (GMT+2:00) Cairo 34 (GMT+2:00) Harare, Pretoria 35 (GMT+2:00) Helsinki, Riga, Tallinn 36 (GMT+2:00) Jerusalem 37 (GMT+3:00) Baghdad 38 (GMT+3:00) Kuwait, Riyadh 83 (GMT+3:00) Moscow 84 (GMT+3:00) Minsk 40 (GMT+3:00) Nairobi 85 (GMT+3:00) Istanbul 41 (GMT+3:30) Tehran 42 (GMT+4:00) Abu Dhabi, Muscat 43 (GMT+4:00) Baku 39 (GMT+3:00) St. Petersburg, Volgograd 44 (GMT+4:30) Kabul 46 (GMT+5:00) Islamabad, Karachi, Tashkent 47 (GMT+5:30) Kolkata, Chennai, Mumbai, New Delhi 51 (GMT+5:30) Sri Jayawardenepara 48 (GMT+5:45) Kathmandu 45 (GMT+5:00) Ekaterinburg 49 (GMT+6:00) Almaty, Novosibirsk 50 (GMT+6:00) Astana, Dhaka 52 (GMT+6:30) Rangoon 53 (GMT+7:00) Bangkok, Hanoi, Jakarta 54 (GMT+7:00) Krasnoyarsk 55 (GMT+8:00) Beijing, ChongQing, HongKong, Urumgi, Irkutsk 56 (GMT+8:00) Ulaan Bataar 57 (GMT+8:00) Kuala Lumpur, Singapore 58 (GMT+8:00) Perth 59 (GMT+8:00) Taipei 60 (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul 62 (GMT+9:30) Adelaide 63 (GMT+9:30) Darwin 61 (GMT+9:00) Yakutsk 64 (GMT+10:00) Brisbane 65 (GMT+10:00) Canberra, Melbourne, Sydney 66 (GMT+10:00) Guam, Port Moresby 67 (GMT+10:00) Hobart 68 (GMT+10:00) Vladivostok 69 (GMT+10:00) Magadan 70 (GMT+11:00) Solomon Is., New Caledonia 71 (GMT+12:00) Auckland, Wellington 72 (GMT+12:00) Fiji, Kamchatka, Marshall Is. 00 (GMT+12:00) Eniwetok, Kwajalein 82 (GMT+12:45) Chatham Islands 73 (GMT+13:00) Nuku'alofa 86 (GMT+13:00) Samoa 76 (GMT+14:00) Kiritimati config tftp-server edit {tftp-server} # One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. set tftp-server {string} TFTP server. size[63] next set filename {string} Name of the boot file on the TFTP server. size[127] config options edit {id} # DHCP options. set id {integer} ID. range[0-4294967295] set code {integer} DHCP option code. range[0-255] set type {hex | string | ip | fqdn} DHCP option type. hex DHCP option in hex. string DHCP option in string. ip DHCP option in IP. fqdn DHCP option in domain search option format. set value {string} DHCP option value. size[312] set ip {string} DHCP option IPs. next set server-type {regular | ipsec} DHCP server can be a normal DHCP server or an IPsec DHCP server. regular Regular DHCP service. ipsec DHCP over IPsec service. set ip-mode {range | usrgrp} Method used to assign client IP. range Use range defined by start-ip/end-ip to assign client IP. usrgrp Use user-group defined method to assign client IP. set conflicted-ip-timeout {integer} Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. range[60-8640000] set ipsec-lease-hold {integer} DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). range[0-8640000] set auto-configuration {disable | enable} Enable/disable auto configuration. set ddns-update {disable | enable} Enable/disable DDNS update for DHCP. set ddns-update-override {disable | enable} Enable/disable DDNS update override for DHCP. set ddns-server-ip {ipv4 address} DDNS server IP. set ddns-zone {string} Zone of your domain name (ex. DDNS.com). size[64] set ddns-auth {disable | tsig} DDNS authentication mode. disable Disable DDNS authentication. tsig TSIG based on RFC2845. set ddns-keyname {string} DDNS update key name. size[64] set ddns-key {string} DDNS update key (base 64 encoding). set ddns-ttl {integer} TTL. range[60-86400] set vci-match {disable | enable} Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. config vci-string edit {vci-string} # One or more VCI strings in quotes separated by spaces. set vci-string {string} VCI strings. size[255] next config exclude-range edit {id} # Exclude one or more ranges of IP addresses from being assigned to clients. set id {integer} ID. range[0-4294967295] set start-ip {ipv4 address} Start of IP range. set end-ip {ipv4 address} End of IP range. next config reserved-address edit {id} # Options for the DHCP server to assign IP settings to specific MAC addresses. set id {integer} ID. range[0-4294967295] set ip {ipv4 address} IP address to be reserved for the MAC address. set mac {mac address} MAC address of the client that will get the reserved IP address. set action {assign | block | reserved} Options for the DHCP server to configure the client with the reserved MAC address. assign Configure the client with this MAC address like any other client. block Block the DHCP server from assigning IP settings to the client with this MAC address. reserved Assign the reserved IP address to the client with this MAC address. set description {string} Description. size[255] next next end
config system dhcp6 server edit {id} # Configure DHCPv6 servers. set id {integer} ID. range[0-4294967295] set status {disable | enable} Enable/disable this DHCPv6 configuration. set rapid-commit {disable | enable} Enable/disable allow/disallow rapid commit. set lease-time {integer} Lease time in seconds, 0 means unlimited. range[300-8640000] set dns-service {delegated | default | specify} Options for assigning DNS servers to DHCPv6 clients. delegated Delegated DNS settings. default Clients are assigned the FortiGate's configured DNS servers. specify Specify up to 3 DNS servers in the DHCPv6 server configuration. set dns-search-list {delegated | specify} DNS search list options. delegated Delegated the DNS search list. specify Specify the DNS search list. set dns-server1 {ipv6 address} DNS server 1. set dns-server2 {ipv6 address} DNS server 2. set dns-server3 {ipv6 address} DNS server 3. set domain {string} Domain name suffix for the IP addresses that the DHCP server assigns to clients. size[35] set subnet {ipv6 prefix} Subnet or subnet-id if the IP mode is delegated. set interface {string} DHCP server can assign IP configurations to clients connected to this interface. size[15] - datasource(s): system.interface.name set option1 {string} Option 1. set option2 {string} Option 2. set option3 {string} Option 3. set upstream-interface {string} Interface name from where delegated information is provided. size[15] - datasource(s): system.interface.name set ip-mode {range | delegated} Method used to assign client IP. range Use range defined by start IP/end IP to assign client IP. delegated Use delegated prefix method to assign client IP. config prefix-range edit {id} # DHCP prefix configuration. set id {integer} ID. range[0-4294967295] set start-prefix {ipv6 address} Start of prefix range. set end-prefix {ipv6 address} End of prefix range. set prefix-length {integer} Prefix length. range[1-128] next config ip-range edit {id} # DHCP IP range configuration. set id {integer} ID. range[0-4294967295] set start-ip {ipv6 address} Start of IP range. set end-ip {ipv6 address} End of IP range. next next end
status {disable | enable}
Enable or disable this DHCP server, default is enable.
lease-time <integer>
Lease time in seconds, value between 300 and 8640000 ( 5 minutes to almost 100 days), 0 for unlimited lease time, default is 604800.
mac-acl-default-action {assign | block}
MAC access control default action. Set whether or not the DHCP server assigns network settings to a DHCP client with a MAC address that is on the MAC address control list.
assign
allow the DHCP server to assign IP settings to a client on the MAC address control list.block
block the DHCP from assigning IP settings to a client on the MAC address control list.
forticlient-on-net-status {disable | enable}
Enable or disable the FortiClient-On-Net service for this DHCP server, default is enable.
dns-service {local | default | specify}
How the DHCP clients are assigned DNS servers.
local
IP address of the interface the DHCP server is added to becomes the client's DNS server IP address.default
IP addresses of the DNS servers added to the FortiGate configuration become the client's DNS server IP addresses.specify
specify up to 3 DNS servers in the DHCP server configuration.
dns-server1 <ip>
Set the IP address of DNS server(s) which will be used by DHCP clients, up to three DNS servers (dns-server1, dns-server2, and dns-server3).
wifi-ac1 <ip>
Set the IP address of up to three WiFi Access Controller(s) (wifi-ac1, wifi-ac2, and wifi-ac3). For DHCP option 138 to use DHCP to send WiFi access controller IP addresses to Wireless Termination Points (WTPs) (RFC 5417).
ntp-service {local | default | specify}
How the DHCP clients are assigned Network Time Protocol (NTP) servers.
local
IP address of the interface the DHCP server is added to becomes the client's NTP server IP address.default
IP addresses of the NTP servers added to the FortiGate configuration become the client's NTP server IP addresses.specify
specify up to 3 NTP servers in the DHCP server configuration.
ntp-server1 <ip>
Set the IP address of NTP server(s), up to three NTP servers (ntp-server1, ntp-server2, and ntp-server3).
domain <string>
Domain name suffix for the IP addresses that the DHCP server assigns to clients.
wins-server1 <ip>
Set the IP address of WINS server(s), up to two WINS servers (wins-server1, and wins-server2).
default-gateway <ip>
The default gateway IP address that will be used by DHCP clients as their default gateway.
next-server <ip>
The IP address of the next bootstrap server. Add an IP address if you are using a secondary DHCP server to assign IP configuration options.
netmask <netmask>
The netmask assigned by the DHCP server
interface <interface-name>
The DHCP server can assign IP configurations to DHCP clients connected to this interface.
config ip-range
DHCP IP range configuration.
start-ip <ip>
The first IP of the range.
end-ip <ip>
The last IP of the range.
timezone-option {disable | default | specify}
How the DHCP server sets the client's time zone.
disable
do not set the client's time zone.default
DHCP clients are assigned the FortiGate's configured time zone.specify
specify the time zone to be assigned to DHCP clients.
timezone <timezone-number>
Select the time zone that the DHCP server assigns to DHCP clients. Available if timezone-option
is set to specify
.
tftp-server <string> [<string>]
Hostnames or IP addresses of one or more TFTP servers.
filename <string>
The file name on the tftp server.
config options
The DHCP options configuration.
code <integer>
The option's code for DHCP, see RFC 2132 for more details.
type {hex | string | ip}
DHCP option in hexadecimal, string, or IP, default is hex.
value <string>
The value is specified as a single octet. Values are available per option, see RFC 2132 for more details.
server-type {regular | ipsec}
Regular DHCP service or DHCP over IPsec services.
conflicted-ip-timeout <integer>
The time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. Value between 60 to 8640000 seconds (1 minute to 100 days), default is 1800.
auto-configuration {disable | enable}
Disable or enable auto configuration, default is enable.
ddns-update {disable | enable}
Disable or enable Dynamic DNS update for DHCP, default is disable.
vci-match {disable | enable}
Disable or enable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI string are served, default is disabled.
vci-string <strings>
One or more VCI strings in quotes and separated by spaces.
config exclude-range
DHCP exclude range configuration.
start-ip <ip>
The first IP of the excluded range.
end-ip <ip>
The last IP of the excluded range.
config reserved-address
How the DHCP server assigns IP settings to specific MAC addresses.
ip <ip>
The IP address to be reserved for the client with the MAC address. Only valid if action
is set to reserved
.
mac <mac-address>
MAC address of the client to be configured by the DHCP server according to the action.
action {assign | block | reserved}
How the DHCP server configures the client with the reserved MAC address.
assign
the DHCP server treats the client with this MAC address like any other client.block
block the DHCP server from assigning IP settings to the client with this MAC address.reserved
assign the reserved IP address to the client with this MAC address.
description <string>
Optionally describe the client with this MAC address.